Re: Debian mirrors and MITM
On Fri, May 30, 2014, at 11:29 PM, Michael Stone wrote:
> On Fri, May 30, 2014 at 11:25:58PM +1000, Alfie John wrote:
> >Well yes, that's something. But serving Debian over HTTPS would prevent
> >the need for this.
> No, it wouldn't--you'd just have a different set of problems. Given that
> mirrors are distributed, it would probably be much more likely that
> you'd improperly rely on a compromised mirror simply because it's
> serving files via https.
If the fingerprints where on a canonical Debian server (aka non-mirror)
being served over HTTPS, then I would be happy with that too.